Bulk Registration Data Access to Icann Periodic Access to Thin Registration Data. In order to verify and ensure the operational stability of Registry Services as well as to facilitate compliance checks on accredited registrars, Registry Operator will provide ICANN on a weekly basis (the day to be designated by ICANN) with up-to-date Registration Data as specified below. Data will include data committed as of 00:00:00 UTC on the day previous to the one designated for retrieval by ICANN.
Publication of Registration Data Registry Operator shall provide public access to registration data in accordance with Specification 4 attached hereto (“Specification 4”).
DATA REQUESTS Upon the written request of the District, the State Auditor’s Office, the Appraisal District, or the Comptroller during the term of this Agreement, the Applicant, the District or any other entity on behalf of the District shall provide the requesting party with all information reasonably necessary for the requesting party to determine whether the Applicant is in compliance with its rights, obligations or responsibilities, including, but not limited to, any employment obligations which may arise under this Agreement.
Privacy and Data Security (a) In the prior three (3) years, the Company and its Subsidiaries have been in compliance with Privacy Laws, and in all material respects with (i) Contracts (or portions thereof) between the Company or its Subsidiaries and other Persons relating to Personal Data and (ii) applicable written policies, public statements and other public representations relating to the Processing of Personal Data, inclusive of all disclosures required by applicable Privacy Laws (“Privacy and Data Security Policies,” and together with Privacy Laws and such Contracts, “Privacy Commitments”). The execution, delivery and performance by the Company of this Agreement to which the Company is or will be a party, and the consummation of the transactions contemplated hereby or thereby, are not reasonably expected to, directly or indirectly, result in a violation of any Privacy Commitments that would be materially adverse to the Company and its Subsidiaries, taken as a whole. (b) In the prior three (3) years, the Privacy and Data Security Policies have at all times been maintained and made available to individuals in accordance with reasonable industry practices and as required by Privacy Laws, are accurate and complete and are not misleading or deceptive (including by omission). The practices of the Company or its Subsidiaries with respect to the Processing of Personal Data conform in all material respects to the Privacy and Data Security Policies that govern such Personal Data. (c) There is (and in the prior three years there has been) no material Legal Proceeding pending or, to the Company’s knowledge, threatened against or involving the Company or its Subsidiaries initiated by any Person (including (i) the Federal Trade Commission, any state attorney general or similar state official, (ii) any other Governmental authority, foreign or domestic or (iii) any regulatory or self-regulatory entity) alleging that any Processing of Personal Data by or on behalf of the Company or its Subsidiaries is or was in violation of any Privacy Commitments. To the Company’s Knowledge, there are no facts, circumstances or conditions that would reasonably be expected to form the basis for any proceeding for any potential violation of any Privacy Commitments. (d) In the prior three (3) years, (i) there has been no unauthorized access to, or unauthorized use, disclosure, or Processing of Personal Data in the possession or control of the Company or its Subsidiaries or any of its contractors with regard to any Personal Data obtained from or on behalf of the Company or its Subsidiaries (“Security Incident”), (ii) there have been no unauthorized intrusions or breaches of security into any Company IT Systems, and (iii) none of the Company or any of its Subsidiaries has notified or been required to notify any Person of any (A) loss, theft or damage of, or (B) other unauthorized or unlawful access to, or use, disclosure or other Processing of, Personal Data, except, in each case of clauses (i), (ii), and (iii), as would not have a Company Material Adverse Effect. Each of the Company and its Subsidiaries has implemented commercially reasonable administrative, physical and technical safeguards, and ensures that its contractors processing Personal Data take such safeguards to protect the confidentiality, integrity and security of Personal Data against any Security Incident, including taking all reasonable steps to safeguard and back up Personal Data. (e) Each of the Company and its Subsidiaries owns or has a license or other right to use the Company IT Systems as necessary to operate the business of each the Company or its Subsidiaries as currently conducted. All Company IT Systems are (i) free from any defect, bug, virus or programming, design or documentation error and (ii) in sufficiently good working condition to effectively perform all information technology operations necessary for the operation of businesses of the Company and its Subsidiaries (except for ordinary wear and tear), except in each case of clauses (i) and (ii), as is not and would not reasonably be expected to be, individually or in the aggregate, material to the Company and its Subsidiaries, taken as a whole. In the prior three years, there have not been any material failures, breakdowns or continued substandard performance of any Company IT Systems that have caused a material failure or disruption of the Company IT Systems other than routine failures or disruptions that have been remediated in the Ordinary Course of Business. In the past three (3) years, there have been no (except to the extent completely remediated), and to the Company’s Knowledge, there are no material security deficiencies or vulnerabilities in the Company IT Systems.
Data Security and Unauthorized Data Release The Requester and Approved Users, including the Requester’s IT Director, acknowledge NIH’s expectation that they have reviewed and agree to manage the requested controlled-access dataset(s) and any Data Derivatives of controlled-access datasets according to NIH’s expectations set forth in the current NIH Security Best Practices for Controlled-Access Data Subject to the GDS Policy and the Requester’s IT security requirements and policies. The Requester, including the Requester’s IT Director, agree that the Requester’s IT security requirements and policies are sufficient to protect the confidentiality and integrity of the NIH controlled-access data entrusted to the Requester. If approved by NIH to use cloud computing for the proposed research project, as outlined in the Research and Cloud Computing Use Statements of the Data Access Request, the Requester acknowledges that the IT Director has reviewed and understands the cloud computing guidelines in the NIH Security Best Practices for Controlled-Access Data Subject to the NIH GDS Policy. The Requester and PI agree to notify the appropriate DAC(s) of any unauthorized data sharing, breaches of data security, or inadvertent data releases that may compromise data confidentiality within 24 hours of when the incident is identified. As permitted by law, notifications should include any known information regarding the incident and a general description of the activities or process in place to define and remediate the situation fully. Within 3 business days of the DAC notification, the Requester agrees to submit to the DAC(s) a detailed written report including the date and nature of the event, actions taken or to be taken to remediate the issue(s), and plans or processes developed to prevent further problems, including specific information on timelines anticipated for action. The Requester agrees to provide documentation verifying that the remediation plans have been implemented. Repeated violations or unresponsiveness to NIH requests may result in further compliance measures affecting the Requester. NIH, or another entity designated by NIH may, as permitted by law, also investigate any data security incident or policy violation. Approved Users and their associates agree to support such investigations and provide information, within the limits of applicable local, state, tribal, and federal laws and regulations. In addition, Requester and Approved Users agree to work with the NIH to assure that plans and procedures that are developed to address identified problems are mutually acceptable and consistent with applicable law.
Data Rights User retains all rights over any data and other information that User may provide, upload, transfer or make available in relation to, or which is collected from User’s devices or equipment by, the Software, including, without limitation, information pertaining to how the Software obtains, uses, and respond to inputs, location, ambient conditions, and other information related to use and operation of the Software with Honeywell or third-party products, software or websites (“Usage Data”). Honeywell has the right to retain, transfer, disclose, duplicate, analyze, modify, and otherwise use Usage Data to protect, improve, or develop its products, services, and related offerings. All information, analysis, insights, inventions, and algorithms derived from Usage Data by Honeywell (but excluding the Usage Data itself) and any intellectual property rights obtained related thereto, are owned exclusively and solely by Xxxxxxxxx.
REPORT SUBMISSION 1. Copies of reporting packages for audits conducted in accordance with 2 CFR Part 200, Subpart F-Audit Requirements, and required by PART I of this form shall be submitted, when required by 2 CFR 200.512, by or on behalf of the recipient directly to the Federal Audit Clearinghouse (FAC) as provided in 2 CFR 200.36 and 200.512 A. The Federal Audit Clearinghouse designated in 2 CFR §200.501(a) (the number of copies required by 2 CFR §200.501(a) should be submitted to the Federal Audit Clearinghouse), at the following address: Federal Audit Clearinghouse Bureau of the Census 0000 Xxxx 00xx Xxxxxx Xxxxxxxxxxxxxx, XX 00000 Submissions of the Single Audit reporting package for fiscal periods ending on or after January 1, 2008, must be submitted using the Federal Clearinghouse’s Internet Data Entry System which can be found at xxxx://xxxxxxxxx.xxxxxx.xxx/facweb/ 2. Copies of financial reporting packages required by PART II of this Attachment shall be submitted by or on behalf of the recipient directly to each of the following: A. The Department of Environmental Protection at one of the following addresses: By Mail: Florida Department of Environmental Protection Office of Inspector General, MS 40 0000 Xxxxxxxxxxxx Xxxxxxxxx Tallahassee, Florida 32399-3000 Electronically: XXXXXxxxxxXxxxx@xxx.xxxxx.xx.xx B. The Auditor General’s Office at the following address: Auditor General Local Government Audits/342 Xxxxxx Xxxxxx Building, Room 000 000 Xxxx Xxxxxxx Xxxxxx Xxxxxxxxxxx, Xxxxxxx 00000-1450 The Auditor General’s website (xxxx://xxxxxxxxx.xxx/) provides instructions for filing an electronic copy of a financial reporting package. 3. Copies of reports or management letters required by PART III of this Attachment shall be submitted by or on behalf of the recipient directly to the Department of Environmental Protection at one of the following addresses: By Mail: Florida Department of Environmental Protection Office of Inspector General, MS 40 0000 Xxxxxxxxxxxx Xxxxxxxxx Tallahassee, Florida 32399-3000 Electronically: XXXXXxxxxxXxxxx@xxx.xxxxx.xx.xx 4. Any reports, management letters, or other information required to be submitted to the Department of Environmental Protection pursuant to this Agreement shall be submitted timely in accordance with 2 CFR 200.512, section 215.97, F.S., and Chapters 10.550 (local governmental entities) or 10.650 (nonprofit and for-profit organizations), Rules of the Auditor General, as applicable. 5. Recipients, when submitting financial reporting packages to the Department of Environmental Protection for audits done in accordance with 2 CFR 200, Subpart F-Audit Requirements, or Chapters 10.550 (local governmental entities) and 10.650 (non and for-profit organizations), Rules of the Auditor General, should indicate the date and the reporting package was delivered to the recipient correspondence accompanying the reporting package.
DATA REPORTING a) CONTRACTOR shall agree to provide all data related to student information and billing information with XXX. CONTRACTOR shall agree to provide all data related to any and all sections of this contract and requested by and in the format require by the LEA. CONTRACTOR shall provide the LEA with invoices, attendance reports and progress reports for LEA students enrolled in CONTRACTOR’s NPS/A. b) Using forms developed by the CDE or as otherwise mutually agreed upon by CONTRACTOR and XXX, CONTRACTOR shall provide LEA, on a monthly basis, a written report of all incidents in which a statutory offense is committed by any LEA student, regardless if it results in a disciplinary action of suspension or expulsion. This includes all statutory offenses as described in Education Code sections 48900 and 48915. CONTRACTOR shall also include, in this monthly report, incidents resulting in the use of a behavioral restraint and/or seclusion even if they were not a result of a violation of Education Code sections 48900 and 48915. c) The LEA shall provide the CONTRACTORS with approved forms and/or format for such data including but not limited to invoicing, attendance reports and progress reports. The LEA may approve use of CONTRACTORS-provided forms at their discretion.
DTC DIRECT REGISTRATION SYSTEM AND PROFILE MODIFICATION SYSTEM (a) Notwithstanding the provisions of Section 2.04, the parties acknowledge that the Direct Registration System (“DRS”) and Profile Modification System (“Profile”) shall apply to uncertificated American Depositary Shares upon acceptance thereof to DRS by DTC. DRS is the system administered by DTC pursuant to which the Depositary may register the ownership of uncertificated American Depositary Shares, which ownership shall be evidenced by periodic statements issued by the Depositary to the Owners entitled thereto. Profile is a required feature of DRS which allows a DTC participant, claiming to act on behalf of an Owner of American Depositary Shares, to direct the Depositary to register a transfer of those American Depositary Shares to DTC or its nominee and to deliver those American Depositary Shares to the DTC account of that DTC participant without receipt by the Depositary of prior authorization from the Owner to register such transfer. (b) In connection with and in accordance with the arrangements and procedures relating to DRS/Profile, the parties understand that the Depositary will not verify, determine or otherwise ascertain that the DTC participant which is claiming to be acting on behalf of an Owner in requesting a registration of transfer and delivery as described in subsection (a) has the actual authority to act on behalf of the Owner (notwithstanding any requirements under the Uniform Commercial Code). For the avoidance of doubt, the provisions of Sections 5.03 and 5.08 shall apply to the matters arising from the use of the DRS. The parties agree that the Depositary’s reliance on and compliance with instructions received by the Depositary through the DRS/Profile System and in accordance with this Deposit Agreement shall not constitute negligence or bad faith on the part of the Depositary.
New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to: (1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute; (2) Limit unsuccessful logon attempts; (3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions; (4) Authorize wireless access prior to allowing such connections; (5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity; (6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions; (7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles; (8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services; (9) Enforce a minimum password complexity and change of characters when new passwords are created; (10) Perform maintenance on organizational systems; (11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance; (12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1; (13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital; (14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse; (15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas; (16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems; (17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems; (18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception); (19) Protect the confidentiality of Student Data at rest; (20) Identify, report, and correct system flaws in a timely manner; (21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems; (22) Monitor system security alerts and advisories and take action in response; and (23) Update malicious code protection mechanisms when new releases are available.
